Release v0.13.3 (#412)

varunsh-coder · web-flow · commit de3a03e44808 · 2023-06-14T22:27:24.000-07:00
diff --git a/dnsproxy.go b/dnsproxy.go
@@ -158,7 +158,7 @@ func (proxy *DNSProxy) ResolveDomain(domain string) (*Answer, error) {
 		}
 	}
 
-	return nil, fmt.Errorf("unable to resolve domain %s", domain)
+	return nil, fmt.Errorf("unable to resolve domain %s, status %d", domain, dnsReponse.Status)
 }
 
 func getDomainFromCloudAppFormat(domain string) string {
@@ -217,7 +217,7 @@ func (proxy *DNSProxy) getIPByDomain(domain string) (string, error) {
 
 	answer, err := proxy.ResolveDomain(domain)
 	if err != nil {
-		go WriteLog(fmt.Sprintf("unable to resolve domain: %s", domain))
+		go WriteLog(fmt.Sprintf("unable to resolve domain: %s err: %v", domain, err))
 		return "", fmt.Errorf("error in response from dns.google %v", err)
 	}
 
diff --git a/eventhandler.go b/eventhandler.go
@@ -189,7 +189,11 @@ func (eventHandler *EventHandler) handleNetworkEvent(event *Event) {
 			}
 			reverseLookUp := eventHandler.DNSProxy.GetReverseIPLookup(event.IPAddress)
 			eventHandler.ApiClient.sendNetConnection(eventHandler.CorrelationId, eventHandler.Repo, event.IPAddress, event.Port, reverseLookUp, "", event.Timestamp, tool)
-			WriteLog(fmt.Sprintf("endpoint called ip address:port %s:%s, domain: %s", event.IPAddress, event.Port, reverseLookUp))
+			process := ""
+			if image == "" {
+				process = tool.Name
+			}
+			WriteLog(fmt.Sprintf("endpoint called ip address:port %s:%s, domain: %s, pid: %s, process: %s", event.IPAddress, event.Port, reverseLookUp, event.Pid, process))
 			eventHandler.ProcessConnectionMap[cacheKey] = true
 		}
 	}
diff --git a/firewall.go b/firewall.go
@@ -24,6 +24,7 @@ const (
 	accept                    = "ACCEPT"
 	reject                    = "REJECT"
 	dnsServerIP               = "8.8.8.8"
+	dnsServerIP2              = "8.8.4.4"
 	classAPrivateAddressRange = "10.0.0.0/8"
 	classBPrivateAddressRange = "172.16.0.0/12"
 	classCPrivateAddressRange = "192.168.0.0/16"
@@ -95,6 +96,14 @@ func addBlockRules(firewall *Firewall, endpoints []ipAddressEndpoint, chain, net
 		return errors.Wrap(err, "failed to add rule")
 	}
 
+	// Allow 8.8.4.4 for dns
+	err = ipt.Append(filterTable, chain, direction, netInterface, protocol, tcp,
+		destination, dnsServerIP2, target, accept)
+
+	if err != nil {
+		return errors.Wrap(err, "failed to add rule")
+	}
+
 	// Allow AzureIPAddress
 	err = ipt.Append(filterTable, chain, direction, netInterface, protocol, tcp,
 		destination, AzureIPAddress, target, accept)

Original file line number	Diff line number	Diff line change
`@@ -158,7 +158,7 @@ func (proxy DNSProxy) ResolveDomain(domain string) (Answer, error) {`
`158`	`158`	`}`
`159`	`159`	`}`
`160`	`160`
`161`		`- return nil, fmt.Errorf("unable to resolve domain %s", domain)`
	`161`	`+ return nil, fmt.Errorf("unable to resolve domain %s, status %d", domain, dnsReponse.Status)`
`162`	`162`	`}`
`163`	`163`
`164`	`164`	`func getDomainFromCloudAppFormat(domain string) string {`
`@@ -217,7 +217,7 @@ func (proxy *DNSProxy) getIPByDomain(domain string) (string, error) {`
`217`	`217`
`218`	`218`	`answer, err := proxy.ResolveDomain(domain)`
`219`	`219`	`if err != nil {`
`220`		`- go WriteLog(fmt.Sprintf("unable to resolve domain: %s", domain))`
	`220`	`+ go WriteLog(fmt.Sprintf("unable to resolve domain: %s err: %v", domain, err))`
`221`	`221`	`return "", fmt.Errorf("error in response from dns.google %v", err)`
`222`	`222`	`}`
`223`	`223`
Original file line number	Diff line number	Diff line change
`@@ -189,7 +189,11 @@ func (eventHandler EventHandler) handleNetworkEvent(event Event) {`
`189`	`189`	`}`
`190`	`190`	`reverseLookUp := eventHandler.DNSProxy.GetReverseIPLookup(event.IPAddress)`
`191`	`191`	`eventHandler.ApiClient.sendNetConnection(eventHandler.CorrelationId, eventHandler.Repo, event.IPAddress, event.Port, reverseLookUp, "", event.Timestamp, tool)`
`192`		`- WriteLog(fmt.Sprintf("endpoint called ip address:port %s:%s, domain: %s", event.IPAddress, event.Port, reverseLookUp))`
	`192`	`+ process := ""`
	`193`	`+ if image == "" {`
	`194`	`+ process = tool.Name`
	`195`	`+ }`
	`196`	`+ WriteLog(fmt.Sprintf("endpoint called ip address:port %s:%s, domain: %s, pid: %s, process: %s", event.IPAddress, event.Port, reverseLookUp, event.Pid, process))`
`193`	`197`	`eventHandler.ProcessConnectionMap[cacheKey] = true`
`194`	`198`	`}`
`195`	`199`	`}`